I’m working to authenticate a user with a 3rd party application that is Okta-enabled. I have been able to use the /authn endpoint to gather a session token, but I’m having trouble exchanging that token for a session cookie with an application on a web server. My setup is SAML, so I’m not able to get a redirect URI to use with the /authorize endpoint.
I have tried using the embed link for the application with the session token, and that DOES work to load into the application and create the session cookie. But if I attempt to have the server do a GET request on the same URI, it will not create the same session cookie that can be used with an application.
Can I create a SAML assertion or session cookie on a web server if I have a session token?
What I have so far:
1.) Create session token with /authn
2.) Attempt to get JSESSIONID cookie value with embed link + session token query param
3.) Attempt to use JSESSIONID cookie with application login page to gain CSRF token.